Cisco UCS Director Software Has Default Credentials Open to Attackers

Cisco’s UCS Director infrastructure management product contains a set of default credentials that any remote attacker can exploit to take complete control of any vulnerable machine. The flaw is in UCS Director versions 4.0.0.2 and below.

The Cisco UCS Director software is designed to allow administrators to manage a variety of storage, networking, virtualization and other equipment. The company said that its internal security team discovered the vulnerability during testing of the product and isn’t aware of any public exploitation of the bug.

“The vulnerability is due to a default root user account created during installation. An attacker could exploit this vulnerability by accessing the server command-line interface (CLI) remotely using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which provide full administrative rights to the system,” the Cisco advisory says.

The company has released a patch for the bug, pushed out as version 4.0.0.3 HOTFIX.

Cisco also released patches for vulnerabilities in a variety of other products, including the Cisco Unified SIP Phone 3905, Cisco IPS software and the Cisco Firewall Services Module software. The flaw in the SIP Phone 3905 is a vulnerability that allows a remote unauthenticated attacker to get root access to the phone. The issue is the result of an undocumented test interface in the TCP service on the phone, the kind of vulnerability that attackers love to get their hands on.

The flaws in the IPS software are all denial-of-service vulnerabilities and affect a variety of different Cisco products.

“The Cisco IPS Analysis Engine Denial of Service Vulnerability and the Cisco IPS Jumbo Frame Denial of Service Vulnerability could allow an unauthenticated, remote attacker to cause the Analysis Engine process to become unresponsive or crash. When this occurs, the Cisco IPS will stop inspecting traffic,” the advisory says.

“The Cisco IPS Control-Plane MainApp Denial of Service Vulnerability could allow an unauthenticated, remote attacker to cause the MainApp process to become unresponsive and prevent it from executing several tasks including alert notification, event store management, and sensor authentication. The Cisco IPS web server will also be unavailable while the MainApp process is unresponsive, and other processes such as the Analysis Engine process may not work properly.”

The Cisco Firewall Services Module software has a vulnerability that allows a remote, unauthenticated attacker to cause the system to crash and reload.

“The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could exploit this vulnerability by sending traffic to match the condition that triggers cut-through proxy authentication,” the advisory says.

Suggested articles